
Compliance - Deloitte



Ensuring Regulatory Compliance
Integrating Risk Advisory and Assurance

Contents
Introduction 03
Roles and Responsibilities around Regulatory Compliance Management 06
A view of the Regulatory Universe of key Industries 09
Conclusion 10
Contacts 11

Introduction

In an environment where global economic challenges, increased pressure on major financial institutions and changing business landscapes have led to stricter regulations in most major industries and countries around the world, the phrase "regulatory compliance" has become an all-important language that can make or mar an organisation and its are increasingly elevating the processes and structures they need to enhance compliance with regulations. The increased business impact of new legislation as well as the implications of non-compliance within each organisation means the provision of applicable legislation has increased the focus by the board on regulatory achieving effective Regulatory Compliance Management (RCM) within an organisation, the integrated governance roles of key management functions, mainly Legal, Compliance, Risk and Internal Audit, must be understood and

Regulatory Universe of the Organisation

With over 500 pieces of legislation in South Africa, the legislation applicable to each organisation will vary from one to the other, depending on the type of industry, the nature of the organisation and its business imperatives.

Every organisation has a responsibility to identify existing and emerging legislation relevant to its business and ensure that risks that may arise from the compliance requirements are well understood by the board and risks that may stem from non-compliance with key legislative requirements can be very costly and damaging to an organisation and the custodians of governance within the organisation. The consequences of non-compliance range from penalties and fines, to imprisonment, withdrawal of licences, litigation and reputational risk, which may individually and/or collectively have a fundamental impact on the organisation's sustainability as a going concern; as well as the impact that a lack of good corporate governance at board and business levels can have on the impact and probability of the risks that the legislation represents depend on the attention paid to the legislation and how well risk and RCM are entrenched within the organisation.

It is therefore critical that an organisation implements relevant structures and processes to effectively manage and monitor the compliance process to ensure that these are entrenched in a way that compliance becomes embedded in business as usual risk related to all legislation will remain high until the organisation is able to implement measures or controls that effectively mitigate the risks arising out of compliance requirements, especially in respect of new new legislation is promulgated, the inherent risk will always be high as operational breakdowns have a higher probability/likelihood of occurring in the

Roles and Responsibilities around Regulatory Compliance Management

Embedding compliance with all key legislation in the organisation is a function of certain critical activities and stems from collaboration across key governance functions such as Legal, Compliance, Risk Management and Internal Audit. These functions all form part of the "three lines of defence". Business and its operational management, however, also form a critical (if not the most important) line of defence in ensuring a compliant

The three lines of defence

The success of any RCM and monitoring programme depends on the existence, functioning and integration of these lines of defence in the performance of their three lines of defence as well as an overview of their key responsibilities are depicted in the diagram below:

1st line of defence: Management Assurance
- Assists in setting and executing strategies
- Provides direction, guidance and oversight
- Promotes a strong risk culture and sustainable risk-return thinking
- Promotes a strong compliance culture and management of risk exposure
- Implements control design
- Ongoing implementation of controls and management of risks

2nd line of defence: Risk Management, Legal and Compliance
- Formal, robust and effective risk management within which the organisation's policies and minimum standards are set
- Interpretation of regulatory compliance requirements
- Objective oversight and the ongoing challenge of risk mitigation, management and performance while reporting is achieved across the business units
- Overarching risk oversight across all risk types
- Regular monitoring of Risk, Legal and Compliance
- Ongoing Risk, Legal and Compliance advice to the 1st line of defence

3rd line of defence: Internal Audit and other Independent Assurance Providers
- Independent and objective assurance of overall adequacy and effectiveness of governance, risk management and internal controls within the organisation as established by the 1st and 2nd lines of defence
- Ability to link business risks with established processes and provide assurance on the effectiveness of mitigation plans to effectively manage organisational risks

Legal/Compliance

An organisation may decide to have its Legal and Compliance functions integrated or operating as two separate units. This is usually done with consideration for the complexity, size and structure of the organisation. A Compliance Officer does not necessarily need to have a legal background, while this is a prerequisite for a Legal Officer; he/she will also handle litigation. Legal training is advantageous when it comes to interpreting statutes and contracts related to regulatory

[Diagram: Risk Assurance & Monitoring across the 1st, 2nd and 3rd lines of defence. Elements shown: Financial; Control Assessment; Risk Identification & Management; Risk Assessment & Support; Compliance Risk Assessment; External Audit; Internal Audit; Compliance.]

Risk Management

The Risk Management function should support the Compliance Office with the risk rating of the relevant regulation once the requirements of such regulation become operational in the organisation. A compliance risk register for the regulatory universe, showing both the inherent and residual ratings of each piece of regulation, based on impact and likelihood, should be the product of this penalties (financial, imprisonment, etc.) and other business risks associated with key provisions of the regulation should be identified and captured on the compliance risk register for the regulatory universe, as management should know if a piece of regulation will affect shareholder value. The knowledge of associated penalties triggers management to provide the resources and budget needed for the implementation of compliance

Operational Compliance

Once the Legal/Compliance function has effectively identified and interpreted compliance requirements and facilitated the risk ratings on the Compliance Register, Business is responsible for ensuring the implementation of such should have its own Business Operational Compliance Officer/Champion who, upon receipt from the Legal/Compliance Officer of the information pack containing the executive review, compliance alert, CRMP and presentation material, will commence the operational monitoring of the compliance of business processes to the legislative, depending on the size and maturity of the organisation, the roles of Legal/Compliance Officer can be combined with that of the Business Operational Compliance Officer, even that of the Risk Officer. This, of course, should be with due consideration of the nature and magnitude of business operations, segregation of duties, the risk profiles as well as the cost and benefits of combining or separating the should readily be able to provide Internal Audit with the regulatory universe of the organisation for the commencement of a compliance Business should identify any key issues that may arise from compliance requirements and capture these in CRMPs, which can form critical management, monitoring and reporting tools if designed and implemented is the responsibility of the Legal/Compliance function to stimulate and train the board and management on legislation pertinent to the organisation.

The Legal and/or Compliance function should undertake the following:
- Compile and maintain a regulatory universe for the organisation
- Facilitate the risk prioritisation of all pieces of regulation in the regulatory universe. This should be done working together with the Risk Management team and using the organisation's risk management framework
- Initiate projects to comply with new regulatory requirements within the organisation. First it is necessary to review the regulation to confirm whether it affects the organisation, and how
- Analyse and send out alerts on new regulation to inform the organisation of the new requirements
- Facilitate an executive review of the regulation by Legal analysts
- Facilitate the completion of the Compliance Risk Management Plan (CRMP) by interpreting key legislation in plain language on the CRMP and ensuring the identification of issues, controls, risk exposure, responsible parties and monitoring plans by other participating parties such as Business and Internal Audit
- Update compliance monitoring plans on the CRMP
- Escalate compliance matters to management
- Undertake regular compliance reporting

Internal Audit

Internal Audit, as the assurance provider, is responsible for reviewing the adequacy and effectiveness of the functioning of controls implemented by management to ensure compliance with regulatory conducting a review of compliance within the organisation, Internal Audit should ask the following questions:
- What are the pieces of regulation that should be reviewed?
- What new processes are being put in place as a result of compliance requirements?
- What new systems are being put in place to support and monitor compliance?

The span of the Internal Audit review will be: Regulation, Policy, Procedures, Systems/Processes. Internal Auditors should be able to map the regulation to the existence of a policy and a risk map. They need to substantiate and audit compliance risk ratings that have changed, especially where residual ratings show improved controls. For example, if the organisation has had many complaints escalated to an ombudsman, it is a likely indication of non-compliance and hence the applicable residual rating cannot be acceptable (green); it should probably be yellow or their review, Internal Auditors should be able to validate or provide the following inputs to the CRMP:
- Impacted Areas: processes, systems and policies
- Existing Controls
- Additional Controls arising from amendments to, or new, regulation
- Risk Exposure: High, Medium, Low
- Responsible Party
- Affected Parties
- Monitoring Plan
- Business Unit Compliance

A high level interpretation of the integrated role of the functions is shown in the diagram below.

Legal, Operational Compliance and Risk Management:
- Maintain and update regulatory universe
- Educate management and board on regulatory interpretation & requirements
- Facilitate regulatory risk prioritisation
- Maintain CRMP
- Assist business with implementation of operational compliance
- Monitor & report compliance matters
- Conduct regulatory risk prioritisation
- Facilitate completion of compliance risk register with ratings and mitigating actions
- Ensure awareness on the part of management & board on risk consequences of non-compliance

Internal Audit:
- Assess adequacy and effectiveness of compliance processes, systems & structures
- Highlight key weaknesses and associated risks noted and make recommendations to management & board on corrective actions

A view of the Regulatory Universe of key Industries

- Auditing Profession Act 26 of 2005
- Banks Act 94 of 1990
- Basic Conditions of Employment Act 75 of 1997
- Broad-Based Black Economic Empowerment Act 53 of 2003
- Companies Act 71 of 2008
- Compensation for Occupational Injuries and Diseases Act 130 of 1993
- Constitution of the Republic of South Africa no 108 of 1996
- Consumer Protection Act 68 of 2008
- Customs and Excise Act 91 of 1964
- Deeds Registries Act 47 of 1937
- Development Bank of Southern Africa Act 13 of 1997
- Electronic Communications Act 36 of 2002
- Employment Equity Act 55 of 1998
- Environment Conservation Act 73 of 1989
- Exchange Control Amnesty and Amendment of Taxation Laws Act 12 of 2003
- Financial Advisory and Intermediary Services Act 37 of 2002
- Financial Institutions (Protection of Funds) Act 28 of 2001
- Financial Intelligence Centre Act 38 of 2001
- Financial Services Board Act 97 of 1990
- Hazardous Substances Act 15 of 1973
- Income Tax Act 58 of 1962
- Labour Relations Act 66 of 1995
- Liquor Act 59 of 2003
- Municipal Finance Management Act no 56 of 2003
- Municipal Systems Act 32 of 2000
- National Environmental Management Act 107 of 1998
- Occupational Health and

